{"containers": {"cna": {"affected": [{"product": "Apache Tomcat", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "9.0.0.M1 to 9.0.0"}, {"status": "affected", "version": "8.5.0 to 8.5.22"}, {"status": "affected", "version": "8.0.0.RC1 to 8.0.46"}, {"status": "affected", "version": "7.0.0 to 7.0.81"}]}], "datePublic": "2017-10-03T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server."}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-13T16:09:13.000Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "RHSA-2017:3113", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3113"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"name": "RHSA-2017:3080", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3080"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us"}, {"name": "RHSA-2018:0269", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0269"}, {"name": "42966", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/42966/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us"}, {"name": "RHSA-2018:0270", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0270"}, {"name": "RHSA-2018:0271", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0271"}, {"name": "[debian-lts-announce] 20171107 [SECURITY] [DLA 1166-1] tomcat7 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html"}, {"name": "RHSA-2018:2939", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2939"}, {"name": "RHSA-2018:0465", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0465"}, {"name": "USN-3665-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/3665-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"}, {"name": "RHSA-2018:0268", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0268"}, {"name": "RHSA-2017:3114", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3114"}, {"name": "43008", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/43008/"}, {"name": "1039552", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039552"}, {"name": "100954", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100954"}, {"name": "RHSA-2018:0275", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0275"}, {"name": "RHSA-2018:0466", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0466"}, {"name": "[announce] 20171003 [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20171018-0002/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20180117-0002/"}, {"name": "RHSA-2017:3081", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:3081"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K53173544"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-10-03T00:00:00", "ID": "CVE-2017-12617", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Tomcat", "version": {"version_data": [{"version_value": "9.0.0.M1 to 9.0.0"}, {"version_value": "8.5.0 to 8.5.22"}, {"version_value": "8.0.0.RC1 to 8.0.46"}, {"version_value": "7.0.0 to 7.0.81"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Code Execution"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:3113", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3113"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"name": "RHSA-2017:3080", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3080"}, {"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us"}, {"name": "RHSA-2018:0269", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0269"}, {"name": "42966", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42966/"}, {"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us"}, {"name": "RHSA-2018:0270", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0270"}, {"name": "RHSA-2018:0271", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0271"}, {"name": "[debian-lts-announce] 20171107 [SECURITY] [DLA 1166-1] tomcat7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html"}, {"name": "RHSA-2018:2939", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2939"}, {"name": "RHSA-2018:0465", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0465"}, {"name": "USN-3665-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3665-1/"}, {"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"}, {"name": "RHSA-2018:0268", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0268"}, {"name": "RHSA-2017:3114", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3114"}, {"name": "43008", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43008/"}, {"name": "1039552", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039552"}, {"name": "100954", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100954"}, {"name": "RHSA-2018:0275", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0275"}, {"name": "RHSA-2018:0466", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0466"}, {"name": "[announce] 20171003 [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E"}, {"name": "https://security.netapp.com/advisory/ntap-20171018-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171018-0002/"}, {"name": "https://security.netapp.com/advisory/ntap-20180117-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180117-0002/"}, {"name": "RHSA-2017:3081", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:3081"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"}, {"name": "https://support.f5.com/csp/article/K53173544", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K53173544"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"}, {"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:43:56.415Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2017:3113", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3113"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"name": "RHSA-2017:3080", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3080"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us"}, {"name": "RHSA-2018:0269", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0269"}, {"name": "42966", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/42966/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us"}, {"name": "RHSA-2018:0270", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0270"}, {"name": "RHSA-2018:0271", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0271"}, {"name": "[debian-lts-announce] 20171107 [SECURITY] [DLA 1166-1] tomcat7 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html"}, {"name": "RHSA-2018:2939", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2939"}, {"name": "RHSA-2018:0465", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0465"}, {"name": "USN-3665-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/3665-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"}, {"name": "RHSA-2018:0268", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0268"}, {"name": "RHSA-2017:3114", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3114"}, {"name": "43008", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/43008/"}, {"name": "1039552", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039552"}, {"name": "100954", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100954"}, {"name": "RHSA-2018:0275", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0275"}, {"name": "RHSA-2018:0466", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0466"}, {"name": "[announce] 20171003 [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20171018-0002/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20180117-0002/"}, {"name": "RHSA-2017:3081", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:3081"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K53173544"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"}, {"name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2017-12617", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T18:46:14.471455Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12617"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12617", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "timeline": [{"time": "2022-03-25T00:00:00.000Z", "lang": "en", "value": "CVE-2017-12617 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-21T23:55:32.381Z"}}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-12617", "datePublished": "2017-10-03T15:00:00.000Z", "dateReserved": "2017-08-07T00:00:00.000Z", "dateUpdated": "2025-10-21T23:55:32.381Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2017:3113", "name": "RHSA-2017:3113", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:3080", "name": "RHSA-2017:3080", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0269", "name": "RHSA-2018:0269", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/42966/", "name": "42966", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0270", "name": "RHSA-2018:0270", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0271", "name": "RHSA-2018:0271", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html", "name": "[debian-lts-announce] 20171107 [SECURITY] [DLA 1166-1] tomcat7 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:2939", "name": "RHSA-2018:2939", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0465", "name": "RHSA-2018:0465", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://usn.ubuntu.com/3665-1/", "name": "USN-3665-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0268", "name": "RHSA-2018:0268", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:3114", "name": "RHSA-2017:3114", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/43008/", "name": "43008", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1039552", "name": "1039552", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/100954", "name": "100954", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0275", "name": "RHSA-2018:0275", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0466", "name": "RHSA-2018:0466", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3E", "name": "[announce] 20171003 [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20171018-0002/", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20180117-0002/", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:3081", "name": "RHSA-2017:3081", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://support.f5.com/csp/article/K53173544", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:43:56.415Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2017-12617", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T18:46:14.471455Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-03-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12617"}}}], "timeline": [{"lang": "en", "time": "2022-03-25T00:00:00.000Z", "value": "CVE-2017-12617 added to CISA KEV"}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12617", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T18:46:26.334Z"}}], "cna": {"affected": [{"vendor": "Apache Software Foundation", "product": "Apache Tomcat", "versions": [{"status": "affected", "version": "9.0.0.M1 to 9.0.0"}, {"status": "affected", "version": "8.5.0 to 8.5.22"}, {"status": "affected", "version": "8.0.0.RC1 to 8.0.46"}, {"status": "affected", "version": "7.0.0 to 7.0.81"}]}], "datePublic": "2017-10-03T00:00:00.000Z", "references": [{"url": "https://access.redhat.com/errata/RHSA-2017:3113", "name": "RHSA-2017:3113", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:3080", "name": "RHSA-2017:3080", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0269", "name": "RHSA-2018:0269", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://www.exploit-db.com/exploits/42966/", "name": "42966", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0270", "name": "RHSA-2018:0270", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0271", "name": "RHSA-2018:0271", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html", "name": "[debian-lts-announce] 20171107 [SECURITY] [DLA 1166-1] tomcat7 security update", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:2939", "name": "RHSA-2018:2939", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0465", "name": "RHSA-2018:0465", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://usn.ubuntu.com/3665-1/", "name": "USN-3665-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0268", "name": "RHSA-2018:0268", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:3114", "name": "RHSA-2017:3114", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://www.exploit-db.com/exploits/43008/", "name": "43008", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "http://www.securitytracker.com/id/1039552", "name": "1039552", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "http://www.securityfocus.com/bid/100954", "name": "100954", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0275", "name": "RHSA-2018:0275", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2018:0466", "name": "RHSA-2018:0466", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3E", "name": "[announce] 20171003 [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://security.netapp.com/advisory/ntap-20171018-0002/", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://security.netapp.com/advisory/ntap-20180117-0002/", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://access.redhat.com/errata/RHSA-2017:3081", "name": "RHSA-2017:3081", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://support.f5.com/csp/article/K53173544", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "tags": ["x_refsource_MISC"]}, {"url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", "tags": ["mailing-list", "x_refsource_MLIST"]}], "descriptions": [{"lang": "en", "value": "When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Remote Code Execution"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2020-02-13T16:09:13.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "9.0.0.M1 to 9.0.0"}, {"version_value": "8.5.0 to 8.5.22"}, {"version_value": "8.0.0.RC1 to 8.0.46"}, {"version_value": "7.0.0 to 7.0.81"}]}, "product_name": "Apache Tomcat"}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://access.redhat.com/errata/RHSA-2017:3113", "name": "RHSA-2017:3113", "refsource": "REDHAT"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "refsource": "CONFIRM"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource": "CONFIRM"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3080", "name": "RHSA-2017:3080", "refsource": "REDHAT"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us", "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us", "refsource": "CONFIRM"}, {"url": "https://access.redhat.com/errata/RHSA-2018:0269", "name": "RHSA-2018:0269", "refsource": "REDHAT"}, {"url": "https://www.exploit-db.com/exploits/42966/", "name": "42966", "refsource": "EXPLOIT-DB"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us", "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us", "refsource": "CONFIRM"}, {"url": "https://access.redhat.com/errata/RHSA-2018:0270", "name": "RHSA-2018:0270", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2018:0271", "name": "RHSA-2018:0271", "refsource": "REDHAT"}, {"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html", "name": "[debian-lts-announce] 20171107 [SECURITY] [DLA 1166-1] tomcat7 security update", "refsource": "MLIST"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2939", "name": "RHSA-2018:2939", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2018:0465", "name": "RHSA-2018:0465", "refsource": "REDHAT"}, {"url": "https://usn.ubuntu.com/3665-1/", "name": "USN-3665-1", "refsource": "UBUNTU"}, {"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "refsource": "CONFIRM"}, {"url": "https://access.redhat.com/errata/RHSA-2018:0268", "name": "RHSA-2018:0268", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3114", "name": "RHSA-2017:3114", "refsource": "REDHAT"}, {"url": "https://www.exploit-db.com/exploits/43008/", "name": "43008", "refsource": "EXPLOIT-DB"}, {"url": "http://www.securitytracker.com/id/1039552", "name": "1039552", "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/100954", "name": "100954", "refsource": "BID"}, {"url": "https://access.redhat.com/errata/RHSA-2018:0275", "name": "RHSA-2018:0275", "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2018:0466", "name": "RHSA-2018:0466", "refsource": "REDHAT"}, {"url": "https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E", "name": "[announce] 20171003 [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload", "refsource": "MLIST"}, {"url": "https://security.netapp.com/advisory/ntap-20171018-0002/", "name": "https://security.netapp.com/advisory/ntap-20171018-0002/", "refsource": "CONFIRM"}, {"url": "https://security.netapp.com/advisory/ntap-20180117-0002/", "name": "https://security.netapp.com/advisory/ntap-20180117-0002/", "refsource": "CONFIRM"}, {"url": "https://access.redhat.com/errata/RHSA-2017:3081", "name": "RHSA-2017:3081", "refsource": "REDHAT"}, {"url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST"}, {"url": "https://support.f5.com/csp/article/K53173544", "name": "https://support.f5.com/csp/article/K53173544", "refsource": "CONFIRM"}, {"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote Code Execution"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2017-12617", "STATE": "PUBLIC", "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-10-03T00:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2017-12617", "state": "PUBLISHED", "dateUpdated": "2025-10-21T23:55:32.381Z", "dateReserved": "2017-08-07T00:00:00.000Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2017-10-03T15:00:00.000Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-04-15", "cisaExploitAdd": "2022-03-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apache Tomcat Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7286E06-DA84-401D-8FB8-DEEF6A171C88", "versionEndExcluding": "7.0.82", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C385FE9-F78C-49BC-AE87-5FE1A9BD7ED3", "versionEndExcluding": "8.0.47", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF72650E-5826-4ABB-9B7D-43C96DB3B9B7", "versionEndExcluding": "8.5.23", "versionStartIncluding": "8.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "matchCriteriaId": "817D7E47-947E-4A2F-A8AB-1302D5DF6684", "versionEndExcluding": "9.0.1", "versionStartIncluding": "9.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "CCF62B0C-A8BD-40E6-9E4E-E684F4E87ACD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "622B95F1-8FA4-4AA6-9B68-5FE4302BA150", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8B65CD29-C729-42AC-925E-014BA19581E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E856B4A-6AE7-4317-921A-35B4D2048652", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:12.1.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "815E0C5E-00DF-4AD2-AE97-A752B3DC1631", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C3CFCCE-A8D4-4B78-9C37-88238580B5DA", "versionEndIncluding": "7.3.5.3.0", "versionStartIncluding": "7.3.3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "9380A86A-7A58-477F-A697-B6692E18B4B9", "versionEndIncluding": "8.0.9.0.0", "versionStartIncluding": "8.0.0.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:fmw_platform:12.2.1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "657387A7-DFD9-4CDC-968A-3F3970FDE224", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:fmw_platform:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9C5E9A12-BFE9-4963-A360-A34168A6BF6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:health_sciences_empirica_inspections:1.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "26CD44C0-F9DD-46F0-A4C1-2C2639217B4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:management_pack:11.2.1.0.13:*:*:*:*:goldengate:*:*", "matchCriteriaId": "5EB9E1EA-E136-4B09-9BBB-D7D48D993349", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "98EE20FD-3D21-4E23-95B8-7BD13816EB95", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "78933DD0-F774-4E60-BC66-D5A57919717A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8ECA7A7E-8177-4FD4-B9B9-F4B1B6F43F98", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "73C9A2AD-F384-44D5-AB33-86B7250760A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "EEB4EB87-5ABB-437D-BDAC-FB64F33929FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA3F5761-E2A0-4F67-BAE1-503877676BF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:micros_retail_xbri_loss_prevention:10.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "C1E3C86B-4483-430A-856D-7EAB7D388D2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF9C223C-BC90-4253-A009-53DEDEE9C1CC", "versionEndIncluding": "3.3.6.3293", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "52886BA2-204E-4F0E-B22F-CE5FDFCC98B5", "versionEndIncluding": "3.4.4.4226", "versionStartIncluding": "3.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", "matchCriteriaId": "6470AB3F-ADE2-4BA2-A6B9-E094C927CC77", "versionEndIncluding": "4.0.0.5135", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "D8193A06-3F6B-4F5A-AA58-B1B0AB3A87A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:13.4:*:*:*:*:*:*:*", "matchCriteriaId": "FE65A212-7385-4973-A9C8-FB9C2F9F745F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "56239DBD-E294-44A4-9DD3-CEEC58C1BC0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "517E0654-F1DE-43C4-90B5-FB90CA31734B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_back_office:14.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB363B97-8D71-4FC5-AF88-B6A0040E3D04", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_back_office:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "92978070-A3FD-45E7-8A19-C6324116416B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_central_office:14.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "74D44D74-4402-4569-B335-AFB5F80424ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_central_office:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "5ABB11E1-AD2A-47AA-A5AA-49D94B50CEC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.1.132:*:*:*:*:*:*:*", "matchCriteriaId": "DA5B8931-D3B4-46A9-B1A0-9A6BBA365FC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_eftlink:1.1.124:*:*:*:*:*:*:*", "matchCriteriaId": "BD00C4A5-D05A-4C64-A50C-B8CE182FFB5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_eftlink:15.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "25AC9F0D-4476-41AC-A7AB-5DE52135D8D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_eftlink:16.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "A4DF6FE2-35CB-43AB-95F4-40C909DEC69F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_insights:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DCCBA87-C934-4B94-A5F2-B459FF9CBEC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_insights:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D962EF0-D6E1-4B1F-9F50-0E30C3B5CF4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_insights:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B3935CB-58D4-49A4-B3D4-D0DA0CD12F38", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_insights:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "269BCEDB-57A1-4611-A009-29791E0EF9A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "51D1FAEE-65FD-47EB-9F4D-505C72000F3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "4C45FF05-FB76-4782-891E-F4A8A4871A22", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C03ED7B-3826-4D6D-89C5-61DE12E27213", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "8893CB1D-F18C-404D-BC06-CA2617BFAE58", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "42227DD8-6671-4B38-9E42-4ACF78F09C97", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "69962BD9-A102-4621-9461-018E87261657", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "788F2530-F011-4489-8029-B3468BAF7787", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "7D939BB4-9D34-43A4-A19C-1CC90DB748FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C4E864D4-96C0-4FD5-993F-7E2472893FF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAA4DF85-9225-4422-BF10-D7DAE7DCE007", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*", "matchCriteriaId": "77C2A2A4-285B-40A1-B9AD-42219D742DD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_management_system:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "01FFED25-C781-45CA-8F3B-7A75D5F1E126", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_management_system:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "DA5092E0-0F34-4330-BE16-B0D5FF4C91E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_management_system:4.7:*:*:*:*:*:*:*", "matchCriteriaId": "BBBC99BE-E550-482C-B759-6032E6593D09", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_management_system:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "66CAA1FF-02B0-4479-8349-DEB19208A21C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "5C47CC5A-5A12-4058-9F60-A50E2D2040BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A1CE1F19-1F07-4CBB-9930-F47394ED8054", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_price_management:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "FABD1A02-06F9-48A7-A22D-10DCD24938E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_price_management:13.0:*:*:*:*:*:*:*", "matchCriteriaId": "06992F7E-3BCA-4489-AD12-534C50CE6E6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_price_management:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D3F48B-E5F3-4412-815A-6C1E23E98674", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "C19C5CC9-544A-4E4D-8F0A-579BB5270F07", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_price_management:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "891E192D-BA12-4D89-8D18-C93D2F26A369", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_price_management:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B956113-5B3B-436D-858B-8F29FB304364", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E8917F6-00E7-47EC-B86D-A3B11D5F0E0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFC5F424-119D-4C66-8251-E735EEFBC0BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_returns_management:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "4B31A871-77CF-455F-A28A-FBCE595D51DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_returns_management:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "892B1AB5-B0DC-4E57-B22F-0196A9F22CE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E9002D8-133F-4AB2-8475-4B0A464D0021", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B529695B-B859-4A1B-9873-6C870201879F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:12.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "F26748F3-1952-43B2-8847-264257ECBF10", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:13.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "142391D3-E38C-4F0E-9BB1-034DC28FAF75", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:13.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "555925C7-3345-48F8-9FD9-0E6C1E83E960", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:13.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "0953CAB4-B627-419D-9B8A-7C776A4FC18F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "0E703304-0752-46F2-998B-A3D37C9E7A54", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "722969B5-36CD-4413-954B-347BB7E51FAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C5BE74EA-FC65-4A23-B5AA-1FC97390ADAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8AAFAA67-42E9-4B4E-9DC7-A38275FD45CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:6.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "B7A0E714-AC23-49B5-A36C-D10FA4699561", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "89B3354D-3929-4AEC-AAE0-7F573341FD6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "55901EF7-B71C-40B3-B276-FDA6381F051F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "385D40CC-5AA0-4DAB-A2E7-F3A3CFF95BA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "E7A714FB-050A-4040-BC57-C22FA4DD58D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A775321B-6DFB-4770-8F6D-D34D655438AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "835BB7D9-633C-4CB3-8E8F-CA6FD62E587A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "48FE41BA-1E3C-4626-930F-3F8FEE124A78", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F284EF-05CF-4CF5-B7CA-F58AE01DA3B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "C09892E8-D580-488A-A80E-B358D682A25A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "A58642E0-CA59-4DE6-A83C-F551FC621C32", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:tuxedo_system_and_applications_monitor:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7072B3F-88AE-4432-879B-9D8208C67C74", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BB4709C-6373-43CC-918C-876A6569865A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AD848FE1-CFD7-490C-B008-DF3B30F3256F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62", "versionStartIncluding": "7.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB", "versionStartIncluding": "9.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true}, {"criteria": "cpe:2.3:o:netapp:element:-:*:*:*:*:vcenter_server:*:*", "matchCriteriaId": "5E1DE4F5-9094-4C73-AA1B-5C902F38DD24", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "077732DB-F5F3-4E9C-9AC0-8142AB85B32F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1ABA871-3271-48E2-A69C-5AD70AF94E53", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "681173DF-537E-4A64-8FC7-75F439CCAD0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E2F2F98-DB90-43F6-8F28-3656207B6188", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server_text-only_advisories:-:*:*:*:*:*:*:*", "matchCriteriaId": "08E5BFFC-F3E0-43E6-BA40-81B2A8B7CC01", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "46DD0CA2-3786-4E97-A60C-5043FDDBCB86", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "55E4609A-C986-4041-A528-1B4B37E1F6F6", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "92BDD126-A468-47D9-A468-6E229D75939D", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus_compute_node:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "6DAA8C42-870A-42B4-AE9F-7C67F4122ED3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:6.0_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "C84EAAE7-0249-4EA1-B8D3-E039B03ACDC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "2148300C-ECBD-4ED5-A164-79629859DD43", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "B908AEF5-67CE-42D4-961D-C0E7ADB78ADD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.5_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "0F8EB695-5EA3-46D2-941E-D7F01AB99A48", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.6_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "1E1DB003-76B8-4D7B-A6ED-5064C3AE1C11", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.7_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "FFC68D88-3CD3-4A3D-A01B-E9DBACD9B9CB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:6.0_ppc64:*:*:*:*:*:*:*", "matchCriteriaId": "6D8D654F-2442-4EA0-AF89-6AC2CD214772", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*", "matchCriteriaId": "8BCF87FD-9358-42A5-9917-25DF0180A5A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*", "matchCriteriaId": "9B8B2E32-B838-4E51-BAA2-764089D2A684", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*", "matchCriteriaId": "4319B943-7B19-468D-A160-5895F7F997A3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*", "matchCriteriaId": "39C1ABF5-4070-4AA7-BAB8-4F63E1BD91FF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*", "matchCriteriaId": "8036E2AE-4E44-4FA5-AFFB-A3724BFDD654", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "E9A24D0C-604D-4421-AFA6-5D541DA2E94D", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.5_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "3A2E3637-B6A6-4DA9-8B0A-E91F22130A45", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.6_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "F81F859C-DA89-4D1E-91D3-A000AD646203", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.7_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "418488A5-2912-406C-9337-B8E85D0C2B57", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7E11E-FB34-4467-8919-2B6BEAABF665", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server."}, {"lang": "es", "value": "Al ejecutar Apache Tomcat desde la versi\u00f3n 9.0.0.M1 hasta la 9.0.0, desde la 8.5.0 hasta la 8.5.22, desde la 8.0.0.RC1 hasta la 8.0.46 y desde la 7.0.0 hasta la 7.0.81 con los HTTP PUT habilitados (por ejemplo, configurando el par\u00e1metro de inicializaci\u00f3n de solo lectura del servlet Default a \"false\"), es posible subir un archivo JSP al servidor mediante una petici\u00f3n especialmente manipulada. Este JSP se puede despu\u00e9s solicitar y cualquier c\u00f3digo que contenga se ejecutar\u00eda por el servidor."}], "id": "CVE-2017-12617", "lastModified": "2026-04-21T17:03:52.243", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2017-10-04T01:29:02.120", "references": [{"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry", "Broken Link"], "url": "http://www.securityfocus.com/bid/100954"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry", "Broken Link"], "url": "http://www.securitytracker.com/id/1039552"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3080"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3081"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3113"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3114"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0268"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0269"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0270"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0271"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0275"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0465"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0466"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2939"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20171018-0002/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20180117-0002/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K53173544"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3665-1/"}, {"source": "security@apache.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42966/"}, {"source": "security@apache.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/43008/"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry", "Broken Link"], "url": "http://www.securityfocus.com/bid/100954"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry", "Broken Link"], "url": "http://www.securitytracker.com/id/1039552"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3080"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3113"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:3114"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0268"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0269"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0270"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0271"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0275"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0465"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:0466"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2939"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List"], "url": "https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb%40%3Cannounce.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00009.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20171018-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20180117-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K53173544"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03812en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03828en_us"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/3665-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42966/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/43008/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-12617"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2017:3080", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "tomcat6-0:6.0.24-111.el6_9", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2017-10-30T00:00:00Z"}, {"advisory": "RHSA-2017:3081", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "tomcat-0:7.0.76-3.el7_4", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-10-30T00:00:00Z"}, {"advisory": "RHSA-2018:2939", "cpe": "cpe:/a:redhat:jboss_fuse:6.3", "product_name": "Red Hat Fuse Intergration Services 2.0 based on Fuse 6.3 R8", "release_date": "2018-10-17T00:00:00Z"}, {"advisory": "RHSA-2018:0269", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.4", "package": "jbossweb", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "hornetq-0:2.3.25-25.SP23_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "infinispan-0:5.2.23-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "ironjacamar-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-appclient-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-appclient-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-bundles-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-cli-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-client-all-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-clustering-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-cmp-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-configadmin-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-connector-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-controller-client-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-core-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-core-security-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-deployment-repository-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-deployment-scanner-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-domain-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-domain-http-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-domain-management-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-ee-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-ee-deployment-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-ejb3-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-embedded-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-host-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jacorb-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-javadocs-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jaxr-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jaxrs-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jdr-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jmx-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jpa-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jsf-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-jsr77-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-logging-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-mail-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-management-client-content-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-messaging-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-modcluster-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-modules-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-naming-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-network-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-osgi-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-osgi-configadmin-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-osgi-service-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-picketlink-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-platform-mbean-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-pojo-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-process-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-product-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-protocol-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-remoting-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-sar-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-security-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-server-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-standalone-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-system-jmx-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-threads-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-transactions-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-version-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-web-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-webservices-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossas-welcome-content-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-weld-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-xts-0:7.5.19-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-ejb-client-0:1.0.40-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-remoting3-0:3.3.12-2.Final_redhat_2.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossweb-0:7.5.27-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jbossws-cxf-0:4.3.7-1.Final_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "picketlink-bindings-0:2.5.4-22.SP18_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0271", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "picketlink-federation-0:2.5.4-20.SP18_redhat_1.1.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "hornetq-0:2.3.25-25.SP23_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "infinispan-0:5.2.23-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "ironjacamar-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-appclient-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-appclient-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-bundles-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-cli-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-client-all-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-clustering-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-cmp-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-configadmin-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-connector-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-controller-client-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-core-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-core-security-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-deployment-repository-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-deployment-scanner-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-domain-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-domain-http-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-domain-management-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-ee-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-ee-deployment-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-ejb3-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-embedded-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-host-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jacorb-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-javadocs-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jaxr-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jaxrs-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jdr-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jmx-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jpa-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jsf-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-jsr77-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-logging-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-mail-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-management-client-content-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-messaging-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-modcluster-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-modules-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-naming-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-network-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-osgi-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-osgi-configadmin-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-osgi-service-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-picketlink-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-platform-mbean-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-pojo-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-process-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-product-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-protocol-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-remoting-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-sar-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-security-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-server-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-standalone-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-system-jmx-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-threads-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-transactions-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-version-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-web-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-webservices-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossas-welcome-content-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-weld-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-xts-0:7.5.19-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-ejb-client-0:1.0.40-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-remoting3-0:3.3.12-2.Final_redhat_2.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossweb-0:7.5.27-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jbossws-cxf-0:4.3.7-1.Final_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "picketlink-bindings-0:2.5.4-22.SP18_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0270", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "picketlink-federation-0:2.5.4-20.SP18_redhat_1.1.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0275", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-ec2-eap-0:7.5.19-2.Final_redhat_2.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "hornetq-0:2.3.25-25.SP23_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "infinispan-0:5.2.23-1.Final_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "ironjacamar-eap6-0:1.0.41-1.Final_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-appclient-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-appclient-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-bundles-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-cli-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-client-all-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-clustering-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-cmp-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-configadmin-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-connector-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-controller-client-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-core-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-core-security-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-deployment-repository-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-deployment-scanner-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-domain-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-domain-http-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-domain-management-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-ee-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-ee-deployment-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-ejb3-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-embedded-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-host-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-jacorb-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-javadocs-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-jaxr-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-jaxrs-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-jdr-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-jmx-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-jpa-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-jsf-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-jsr77-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-logging-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-mail-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-management-client-content-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-messaging-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-modcluster-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-modules-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-naming-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-network-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-osgi-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-osgi-configadmin-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-osgi-service-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-picketlink-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-platform-mbean-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-pojo-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-process-controller-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-product-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-protocol-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-remoting-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-sar-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-security-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-server-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-standalone-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-system-jmx-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-threads-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-transactions-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-version-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-web-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-webservices-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossas-welcome-content-eap-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-weld-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-as-xts-0:7.5.19-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-ejb-client-0:1.0.40-1.Final_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jboss-remoting3-0:3.3.12-2.Final_redhat_2.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossweb-0:7.5.27-1.Final_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "jbossws-cxf-0:4.3.7-1.Final_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "picketlink-bindings-0:2.5.4-22.SP18_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2018:0268", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7", "package": "picketlink-federation-0:2.5.4-20.SP18_redhat_1.1.ep6.el7", "product_name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7", "release_date": "2018-02-05T00:00:00Z"}, {"advisory": "RHSA-2017:3113", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6", "package": "httpd-0:2.2.26-57.ep6.el6", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6", "release_date": "2017-11-02T00:00:00Z"}, {"advisory": "RHSA-2017:3113", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6", "package": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el6", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6", "release_date": "2017-11-02T00:00:00Z"}, {"advisory": "RHSA-2017:3113", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6", "package": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el6", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6", "release_date": "2017-11-02T00:00:00Z"}, {"advisory": "RHSA-2017:3113", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6", "package": "tomcat6-0:6.0.41-19_patch_04.ep6.el6", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6", "release_date": "2017-11-02T00:00:00Z"}, {"advisory": "RHSA-2017:3113", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el6", "package": "tomcat7-0:7.0.54-28_patch_05.ep6.el6", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 6", "release_date": "2017-11-02T00:00:00Z"}, {"advisory": "RHSA-2017:3113", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el7", "package": "httpd22-0:2.2.26-58.ep6.el7", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7", "release_date": "2017-11-02T00:00:00Z"}, {"advisory": "RHSA-2017:3113", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el7", "package": "jbcs-httpd24-openssl-1:1.0.2h-14.jbcs.el7", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7", "release_date": "2017-11-02T00:00:00Z"}, {"advisory": "RHSA-2017:3113", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el7", "package": "mod_cluster-native-0:1.2.13-9.Final_redhat_2.ep6.el7", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7", "release_date": "2017-11-02T00:00:00Z"}, {"advisory": "RHSA-2017:3113", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el7", "package": "tomcat6-0:6.0.41-19_patch_04.ep6.el7", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7", "release_date": "2017-11-02T00:00:00Z"}, {"advisory": "RHSA-2017:3113", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2::el7", "package": "tomcat7-0:7.0.54-28_patch_05.ep6.el7", "product_name": "Red Hat JBoss Enterprise Web Server 2 for RHEL 7", "release_date": "2017-11-02T00:00:00Z"}, {"advisory": "RHSA-2017:3114", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.1", "package": "tomcat6", "product_name": "Red Hat JBoss Web Server 2.1", "release_date": "2017-11-02T00:00:00Z"}, {"advisory": "RHSA-2017:3114", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2.1", "package": "tomcat7", "product_name": "Red Hat JBoss Web Server 2.1", "release_date": "2017-11-02T00:00:00Z"}, {"advisory": "RHSA-2018:0465", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1", "product_name": "Red Hat JBoss Web Server 3.1", "release_date": "2018-03-07T00:00:00Z"}, {"advisory": "RHSA-2018:0466", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6", "package": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6", "product_name": "Red Hat JBoss Web Server 3 for RHEL 6", "release_date": "2018-03-07T00:00:00Z"}, {"advisory": "RHSA-2018:0466", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6", "package": "tomcat7-0:7.0.70-25.ep7.el6", "product_name": "Red Hat JBoss Web Server 3 for RHEL 6", "release_date": "2018-03-07T00:00:00Z"}, {"advisory": "RHSA-2018:0466", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6", "package": "tomcat8-0:8.0.36-29.ep7.el6", "product_name": "Red Hat JBoss Web Server 3 for RHEL 6", "release_date": "2018-03-07T00:00:00Z"}, {"advisory": "RHSA-2018:0466", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6", "package": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el6", "product_name": "Red Hat JBoss Web Server 3 for RHEL 6", "release_date": "2018-03-07T00:00:00Z"}, {"advisory": "RHSA-2018:0466", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6", "package": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6", "product_name": "Red Hat JBoss Web Server 3 for RHEL 6", "release_date": "2018-03-07T00:00:00Z"}, {"advisory": "RHSA-2018:0466", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2018-03-07T00:00:00Z"}, {"advisory": "RHSA-2018:0466", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package": "tomcat7-0:7.0.70-25.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2018-03-07T00:00:00Z"}, {"advisory": "RHSA-2018:0466", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package": "tomcat8-0:8.0.36-29.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2018-03-07T00:00:00Z"}, {"advisory": "RHSA-2018:0466", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2018-03-07T00:00:00Z"}, {"advisory": "RHSA-2018:0466", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7", "package": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7", "product_name": "Red Hat JBoss Web Server 3 for RHEL 7", "release_date": "2018-03-07T00:00:00Z"}], "bugzilla": {"description": "tomcat: Remote Code Execution bypass for CVE-2017-12615", "id": "1494283", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.", "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution."], "mitigation": {"lang": "en:us", "value": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\nBlock HTTP methods that permit resource modification for untrusted users."}, "name": "CVE-2017-12617", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "tomcat5", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:6", "fix_state": "Not affected", "package_name": "jbossweb", "product_name": "Red Hat JBoss Data Grid 6"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Not affected", "package_name": "jbossweb", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5", "fix_state": "Will not fix", "package_name": "jbossweb", "product_name": "Red Hat JBoss Enterprise Application Platform 5"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "jbossweb", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Not affected", "package_name": "jbossweb", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6", "fix_state": "Not affected", "package_name": "jbossweb", "product_name": "Red Hat JBoss Portal 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-java-common-tomcat", "product_name": "Red Hat Software Collections"}], "public_date": "2017-09-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-12617\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-12617\nhttps://tomcat.apache.org/security-7.html\nhttps://tomcat.apache.org/security-8.html\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.", "threat_severity": "Important"}

{}